BreachForums Admin Pompompurin Gets 20-Year Supervised Sentence


Conor Brian Fitzpatrick was charged in March 2023 for stealing and selling sensitive personal data of countless US citizens and US and foreign organizations and government agencies via the forum.

Conor Brian Fitzpatrick, a 21-year-old man from Peekskill, New York, has been sentenced to 20 years of supervised release in the Eastern District of Virginia for operating the notorious BreachForums hacking forum.

For your information, Fitzpatrick launched BreachForums in March 2022 after the FBI took down the then-popular cybercrime marketplace, RaidForums. It served as an ideal platform for selling/leaking millions of personal data worldwide. The platform contained nearly 900 stolen databases storing more than 14 billion individual records, which BreachForums members were entitled to use. 

BreachForums ceased operations after the FBI apprehended Fitzpatrick and reportedly reemerged under the management of ShinyHunters, causing concern among cybersecurity experts and law enforcement agencies worldwide. Baphomet, one of the original forum administrators, confirmed the resurgence in a PGP-signed message, leaving little doubt about its authenticity.

Fitzpatrick was arrested on 15th March 2023 from his family home. Under custody, he admitted to owning/operating BreachForums under the “pompompurin” moniker. The accused was released on a $300,000 bond and was re-arrested on 2nd January 2024 for violating pretrial release conditions by using a computer without the required monitoring software and using VPN services.

Fitzpatrick was charged in March 2023 for stealing and selling sensitive personal data of countless US citizens and US and foreign organizations and government agencies via the forum. Court documents reveal that he possessed nearly 26 video files containing sexually explicit videos of minors, including prepubescent ones. Prosecutors claimed Fitzpatrick knowingly possessed these files.

The sentencing recommendation memo reveals several incidents involving Fitzpatrick, including a data leak in December 2022 exposing records of 87,760 members of InfraGuard, 200 million users of a US social media company, 20 million user records for a background check service company, and data theft involving thousands of users’ private health insurance information in March 2023.

Fitzpatrick pleaded guilty to several counts, including Conspiracy to Commit Access Device Fraud, Solicitation for the Purpose of Offering Access, and Possession of CSAM on July 13, 2023 (PDF). He served as a middleman for stolen data transactions and admitted to feeding false information to law enforcement.

Prosecutors sought 188 months (15.7 years) of imprisonment. The defendant’s attorneys filed a memo under seal recommending his sentencing, citing confidential and medical information that should not be disclosed to the public. The court showed leniency and sentenced Fitzpatrick to time served and 20 years of supervised release. The sentencing memorandum was submitted (PDF) on 16th January 2024.

Per the sentencing conditions (PDF), for the first two years of his release, Fitzpatrick will stay at home arrest with a GPS locator and also receive mental health treatment. Fitzpatrick cannot access the internet during his first year of supervised release, and a probation officer will install monitoring software on his computer.

Prosecutors claimed that Fitzpatrick’s platform enabled hackers and fraudsters to commit “more sophisticated crimes than any could have done alone,” impacting nearly every sector of U.S. society.

  1. Authorities seize the world’s biggest dark web child abuse site
  2. Data Breach at New BreachForums: 4,000 members’ data leaked
  3. Gender Diversity in Cybercrime Forums: Women Users on the Rise
  4. Raidforums Database Leak: Data of 460,000 Users Dumped Online
  5. Operator of Major Proxy Botnet ‘IPStorm’ Arrested, Pleads Guilty in US





Source link